2008-05-15 [colin] 3.4.0cvs40
[claws.git] / src / gtk / sslcertwindow.c
1 /*
2  * Claws Mail -- a GTK+ based, lightweight, and fast e-mail client
3  * Copyright (C) 1999-2007 Colin Leroy <colin@colino.net> 
4  * and the Claws Mail team
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program. If not, see <http://www.gnu.org/licenses/>.
18  * 
19  */
20
21 #ifdef HAVE_CONFIG_H
22 #  include "config.h"
23 #endif
24
25 #if (defined(USE_OPENSSL) || defined (USE_GNUTLS))
26
27 #if USE_OPENSSL
28 #include <openssl/ssl.h>
29 #else
30 #include <gnutls/gnutls.h>
31 #include <gnutls/x509.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <stdio.h>
35 #include <unistd.h>
36 #include <string.h>
37 #endif
38 #include <glib.h>
39 #include <glib/gi18n.h>
40 #include <gtk/gtk.h>
41
42 #include "prefs_common.h"
43 #include "defs.h"
44 #include "ssl_certificate.h"
45 #include "utils.h"
46 #include "alertpanel.h"
47 #include "hooks.h"
48
49 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert);
50 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert);
51 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert);
52
53 static GtkWidget *cert_presenter(SSLCertificate *cert)
54 {
55         GtkWidget *vbox = NULL;
56         GtkWidget *hbox = NULL;
57         GtkWidget *frame_owner = NULL;
58         GtkWidget *frame_signer = NULL;
59         GtkWidget *frame_status = NULL;
60         GtkTable *owner_table = NULL;
61         GtkTable *signer_table = NULL;
62         GtkTable *status_table = NULL;
63         GtkWidget *label = NULL;
64         
65         char *issuer_commonname, *issuer_location, *issuer_organization;
66         char *subject_commonname, *subject_location, *subject_organization;
67         char *fingerprint, *sig_status, *exp_date;
68         unsigned int n;
69         char buf[100];
70         unsigned char md[128];  
71 #if USE_OPENSSL
72         ASN1_TIME *validity;
73 #else
74         char *tmp;
75 #endif
76         time_t exp_time_t;
77         struct tm lt;
78
79         /* issuer */    
80 #if USE_OPENSSL
81         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
82                                        NID_commonName, buf, 100) >= 0)
83                 issuer_commonname = g_strdup(buf);
84         else
85                 issuer_commonname = g_strdup(_("<not in certificate>"));
86         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
87                                        NID_localityName, buf, 100) >= 0) {
88                 issuer_location = g_strdup(buf);
89                 if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
90                                        NID_countryName, buf, 100) >= 0)
91                         issuer_location = g_strconcat(issuer_location,", ",buf, NULL);
92         } else if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
93                                        NID_countryName, buf, 100) >= 0)
94                 issuer_location = g_strdup(buf);
95         else
96                 issuer_location = g_strdup(_("<not in certificate>"));
97
98         if (X509_NAME_get_text_by_NID(X509_get_issuer_name(cert->x509_cert), 
99                                        NID_organizationName, buf, 100) >= 0)
100                 issuer_organization = g_strdup(buf);
101         else 
102                 issuer_organization = g_strdup(_("<not in certificate>"));
103          
104         /* subject */   
105         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
106                                        NID_commonName, buf, 100) >= 0)
107                 subject_commonname = g_strdup(buf);
108         else
109                 subject_commonname = g_strdup(_("<not in certificate>"));
110         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
111                                        NID_localityName, buf, 100) >= 0) {
112                 subject_location = g_strdup(buf);
113                 if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
114                                        NID_countryName, buf, 100) >= 0)
115                         subject_location = g_strconcat(subject_location,", ",buf, NULL);
116         } else if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
117                                        NID_countryName, buf, 100) >= 0)
118                 subject_location = g_strdup(buf);
119         else
120                 subject_location = g_strdup(_("<not in certificate>"));
121
122         if (X509_NAME_get_text_by_NID(X509_get_subject_name(cert->x509_cert), 
123                                        NID_organizationName, buf, 100) >= 0)
124                 subject_organization = g_strdup(buf);
125         else 
126                 subject_organization = g_strdup(_("<not in certificate>"));
127          
128         if ((validity = X509_get_notAfter(cert->x509_cert)) != NULL) {
129                 exp_time_t = asn1toTime(validity);
130         } else {
131                 exp_time_t = (time_t)0;
132         }
133 #else
134         issuer_commonname = g_malloc(BUFFSIZE);
135         issuer_location = g_malloc(BUFFSIZE);
136         issuer_organization = g_malloc(BUFFSIZE);
137         subject_commonname = g_malloc(BUFFSIZE);
138         subject_location = g_malloc(BUFFSIZE);
139         subject_organization = g_malloc(BUFFSIZE);
140
141         n = BUFFSIZE;
142         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
143                 GNUTLS_OID_X520_COMMON_NAME, 0, 0, issuer_commonname, &n))
144                 strncpy(issuer_commonname, _("<not in certificate>"), BUFFSIZE);
145         n = BUFFSIZE;
146
147         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
148                 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, issuer_location, &n)) {
149                 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
150                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, issuer_location, &n)) {
151                         strncpy(issuer_location, _("<not in certificate>"), BUFFSIZE);
152                 }
153         } else {
154                 tmp = g_malloc(BUFFSIZE);
155                 if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
156                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
157                         strncat(issuer_location, ", ", BUFFSIZE-strlen(issuer_location));
158                         strncat(issuer_location, tmp, BUFFSIZE-strlen(issuer_location));
159                 }
160                 g_free(tmp);
161         }
162
163         n = BUFFSIZE;
164         if (gnutls_x509_crt_get_issuer_dn_by_oid(cert->x509_cert, 
165                 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, issuer_organization, &n))
166                 strncpy(issuer_organization, _("<not in certificate>"), BUFFSIZE);
167
168         n = BUFFSIZE;
169         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
170                 GNUTLS_OID_X520_COMMON_NAME, 0, 0, subject_commonname, &n))
171                 strncpy(subject_commonname, _("<not in certificate>"), BUFFSIZE);
172         n = BUFFSIZE;
173
174         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
175                 GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, subject_location, &n)) {
176                 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
177                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, subject_location, &n)) {
178                         strncpy(subject_location, _("<not in certificate>"), BUFFSIZE);
179                 }
180         } else {
181                 tmp = g_malloc(BUFFSIZE);
182                 if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
183                         GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, tmp, &n) == 0) {
184                         strncat(subject_location, ", ", BUFFSIZE-strlen(subject_location));
185                         strncat(subject_location, tmp, BUFFSIZE-strlen(subject_location));
186                 }
187                 g_free(tmp);
188         }
189
190         n = BUFFSIZE;
191         if (gnutls_x509_crt_get_dn_by_oid(cert->x509_cert, 
192                 GNUTLS_OID_X520_ORGANIZATION_NAME, 0, 0, subject_organization, &n))
193                 strncpy(subject_organization, _("<not in certificate>"), BUFFSIZE);
194                 
195         exp_time_t = gnutls_x509_crt_get_expiration_time(cert->x509_cert);
196 #endif  
197
198         memset(buf, 0, sizeof(buf));
199         strftime(buf, sizeof(buf)-1, prefs_common.date_format, localtime_r(&exp_time_t, &lt));
200         exp_date = (*buf) ? g_strdup(buf):g_strdup("?");
201
202         /* fingerprint */
203 #if USE_OPENSSL
204         X509_digest(cert->x509_cert, EVP_md5(), md, &n);
205         fingerprint = readable_fingerprint(md, (int)n);
206
207         /* signature */
208         sig_status = ssl_certificate_check_signer(cert->x509_cert);
209 #else
210         n = 128;
211         gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_MD5, md, &n);
212         fingerprint = readable_fingerprint(md, (int)n);
213
214         /* signature */
215         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
216 #endif
217
218         if (sig_status==NULL)
219                 sig_status = g_strdup(_("correct"));
220
221         vbox = gtk_vbox_new(FALSE, 5);
222         hbox = gtk_hbox_new(FALSE, 5);
223         
224         frame_owner  = gtk_frame_new(_("Owner"));
225         frame_signer = gtk_frame_new(_("Signer"));
226         frame_status = gtk_frame_new(_("Status"));
227         
228         owner_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
229         signer_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
230         status_table = GTK_TABLE(gtk_table_new(3, 2, FALSE));
231         
232         label = gtk_label_new(_("Name: "));
233         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
234         gtk_table_attach(owner_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
235         label = gtk_label_new(subject_commonname);
236         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
237         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
238         gtk_table_attach(owner_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
239         
240         label = gtk_label_new(_("Organization: "));
241         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
242         gtk_table_attach(owner_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
243         label = gtk_label_new(subject_organization);
244         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
245         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
246         gtk_table_attach(owner_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
247         
248         label = gtk_label_new(_("Location: "));
249         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
250         gtk_table_attach(owner_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
251         label = gtk_label_new(subject_location);
252         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
253         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
254         gtk_table_attach(owner_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
255
256         label = gtk_label_new(_("Name: "));
257         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
258         gtk_table_attach(signer_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
259         label = gtk_label_new(issuer_commonname);
260         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
261         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
262         gtk_table_attach(signer_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
263         
264         label = gtk_label_new(_("Organization: "));
265         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
266         gtk_table_attach(signer_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
267         label = gtk_label_new(issuer_organization);
268         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
269         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
270         gtk_table_attach(signer_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
271         
272         label = gtk_label_new(_("Location: "));
273         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
274         gtk_table_attach(signer_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
275         label = gtk_label_new(issuer_location);
276         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
277         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
278         gtk_table_attach(signer_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
279
280         label = gtk_label_new(_("Fingerprint: "));
281         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
282         gtk_table_attach(status_table, label, 0, 1, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
283         label = gtk_label_new(fingerprint);
284         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
285         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
286         gtk_table_attach(status_table, label, 1, 2, 0, 1, GTK_EXPAND|GTK_FILL, 0, 0, 0);
287         label = gtk_label_new(_("Signature status: "));
288         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
289         gtk_table_attach(status_table, label, 0, 1, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
290         label = gtk_label_new(sig_status);
291         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
292         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
293         gtk_table_attach(status_table, label, 1, 2, 1, 2, GTK_EXPAND|GTK_FILL, 0, 0, 0);
294         label = gtk_label_new(_("Expires on: "));
295         gtk_misc_set_alignment (GTK_MISC (label), 1, 0.5);
296         gtk_table_attach(status_table, label, 0, 1, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
297         label = gtk_label_new(exp_date);
298         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
299         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
300         gtk_table_attach(status_table, label, 1, 2, 2, 3, GTK_EXPAND|GTK_FILL, 0, 0, 0);
301         
302         gtk_container_add(GTK_CONTAINER(frame_owner), GTK_WIDGET(owner_table));
303         gtk_container_add(GTK_CONTAINER(frame_signer), GTK_WIDGET(signer_table));
304         gtk_container_add(GTK_CONTAINER(frame_status), GTK_WIDGET(status_table));
305         
306         gtk_box_pack_end(GTK_BOX(hbox), frame_signer, TRUE, TRUE, 0);
307         gtk_box_pack_end(GTK_BOX(hbox), frame_owner, TRUE, TRUE, 0);
308         gtk_box_pack_end(GTK_BOX(vbox), frame_status, TRUE, TRUE, 0);
309         gtk_box_pack_end(GTK_BOX(vbox), hbox, TRUE, TRUE, 0);
310         
311         gtk_widget_show_all(vbox);
312         
313         g_free(issuer_commonname);
314         g_free(issuer_location);
315         g_free(issuer_organization);
316         g_free(subject_commonname);
317         g_free(subject_location);
318         g_free(subject_organization);
319         g_free(fingerprint);
320         g_free(sig_status);
321         g_free(exp_date);
322         return vbox;
323 }
324
325 static gboolean sslcert_ask_hook(gpointer source, gpointer data)
326 {
327         SSLCertHookData *hookdata = (SSLCertHookData *)source;
328
329         if (prefs_common.skip_ssl_cert_check)
330                 return TRUE;
331
332         if (hookdata == NULL) {
333                 return FALSE;
334         }
335         if (hookdata->old_cert == NULL) {
336                 if (hookdata->expired)
337                         hookdata->accept = sslcertwindow_ask_expired_cert(hookdata->cert);
338                 else
339                         hookdata->accept = sslcertwindow_ask_new_cert(hookdata->cert);
340         } else {
341                 hookdata->accept = sslcertwindow_ask_changed_cert(hookdata->old_cert, hookdata->cert);
342         }
343         return TRUE;
344 }
345
346 void sslcertwindow_register_hook(void)
347 {
348         hooks_register_hook(SSLCERT_ASK_HOOKLIST, sslcert_ask_hook, NULL);
349 }
350
351 void sslcertwindow_show_cert(SSLCertificate *cert)
352 {
353         GtkWidget *cert_widget = cert_presenter(cert);
354         gchar *buf;
355         
356         buf = g_strdup_printf(_("SSL certificate for %s"), cert->host);
357         alertpanel_full(buf, NULL, GTK_STOCK_CLOSE, NULL, NULL,
358                         FALSE, cert_widget, ALERT_NOTICE, G_ALERTDEFAULT);
359         g_free(buf);
360 }
361
362 static gboolean sslcertwindow_ask_new_cert(SSLCertificate *cert)
363 {
364         gchar *buf, *sig_status;
365         AlertValue val;
366         GtkWidget *vbox;
367         GtkWidget *label;
368         GtkWidget *button;
369         GtkWidget *cert_widget;
370         
371         vbox = gtk_vbox_new(FALSE, 5);
372         buf = g_strdup_printf(_("Certificate for %s is unknown.\nDo you want to accept it?"), cert->host);
373         label = gtk_label_new(buf);
374         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
375         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
376         g_free(buf);
377         
378 #if USE_OPENSSL
379         sig_status = ssl_certificate_check_signer(cert->x509_cert);
380 #else
381         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
382 #endif
383         if (sig_status==NULL)
384                 sig_status = g_strdup(_("correct"));
385
386         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
387         label = gtk_label_new(buf);
388         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
389         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
390         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
391         g_free(buf);
392         g_free(sig_status);
393         
394         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
395         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
396         cert_widget = cert_presenter(cert);
397         gtk_container_add(GTK_CONTAINER(button), cert_widget);
398
399         val = alertpanel_full(_("Unknown SSL Certificate"), NULL,
400                               _("_Cancel connection"), _("_Accept and save"), NULL,
401                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
402         
403         return (val == G_ALERTALTERNATE);
404 }
405
406 static gboolean sslcertwindow_ask_expired_cert(SSLCertificate *cert)
407 {
408         gchar *buf, *sig_status;
409         AlertValue val;
410         GtkWidget *vbox;
411         GtkWidget *label;
412         GtkWidget *button;
413         GtkWidget *cert_widget;
414         
415         vbox = gtk_vbox_new(FALSE, 5);
416         buf = g_strdup_printf(_("Certificate for %s is expired.\nDo you want to continue?"), cert->host);
417         label = gtk_label_new(buf);
418         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
419         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
420         g_free(buf);
421         
422 #if USE_OPENSSL
423         sig_status = ssl_certificate_check_signer(cert->x509_cert);
424 #else
425         sig_status = ssl_certificate_check_signer(cert->x509_cert, cert->status);
426 #endif
427
428         if (sig_status==NULL)
429                 sig_status = g_strdup(_("correct"));
430
431         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
432         label = gtk_label_new(buf);
433         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
434         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
435         gtk_box_pack_start(GTK_BOX(vbox), label, TRUE, TRUE, 0);
436         g_free(buf);
437         g_free(sig_status);
438         
439         button = gtk_expander_new_with_mnemonic(_("_View certificate"));
440         gtk_box_pack_start(GTK_BOX(vbox), button, FALSE, FALSE, 0);
441         cert_widget = cert_presenter(cert);
442         gtk_container_add(GTK_CONTAINER(button), cert_widget);
443
444         val = alertpanel_full(_("Expired SSL Certificate"), NULL,
445                               _("_Cancel connection"), _("_Accept"), NULL,
446                               FALSE, vbox, ALERT_QUESTION, G_ALERTDEFAULT);
447         
448         return (val == G_ALERTALTERNATE);
449 }
450
451 static gboolean sslcertwindow_ask_changed_cert(SSLCertificate *old_cert, SSLCertificate *new_cert)
452 {
453         GtkWidget *old_cert_widget = cert_presenter(old_cert);
454         GtkWidget *new_cert_widget = cert_presenter(new_cert);
455         GtkWidget *vbox;
456         gchar *buf, *sig_status;
457         GtkWidget *vbox2;
458         GtkWidget *label;
459         GtkWidget *button;
460         AlertValue val;
461         
462         vbox = gtk_vbox_new(FALSE, 5);
463         label = gtk_label_new(_("New certificate:"));
464         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
465         gtk_box_pack_end(GTK_BOX(vbox), new_cert_widget, TRUE, TRUE, 0);
466         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
467         gtk_box_pack_end(GTK_BOX(vbox), gtk_hseparator_new(), TRUE, TRUE, 0);
468         label = gtk_label_new(_("Known certificate:"));
469         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
470         gtk_box_pack_end(GTK_BOX(vbox), old_cert_widget, TRUE, TRUE, 0);
471         gtk_box_pack_end(GTK_BOX(vbox), label, TRUE, TRUE, 0);
472         gtk_widget_show_all(vbox);
473         
474         vbox2 = gtk_vbox_new(FALSE, 5);
475         buf = g_strdup_printf(_("Certificate for %s has changed. Do you want to accept it?"), new_cert->host);
476         label = gtk_label_new(buf);
477         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
478         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
479         g_free(buf);
480         
481 #if USE_OPENSSL
482         sig_status = ssl_certificate_check_signer(new_cert->x509_cert);
483 #else
484         sig_status = ssl_certificate_check_signer(new_cert->x509_cert, new_cert->status);
485 #endif
486
487         if (sig_status==NULL)
488                 sig_status = g_strdup(_("correct"));
489
490         buf = g_strdup_printf(_("Signature status: %s"), sig_status);
491         label = gtk_label_new(buf);
492         gtk_label_set_selectable(GTK_LABEL(label), TRUE);
493         gtk_misc_set_alignment (GTK_MISC (label), 0, 0.5);
494         gtk_box_pack_start(GTK_BOX(vbox2), label, TRUE, TRUE, 0);
495         g_free(buf);
496         g_free(sig_status);
497         
498         button = gtk_expander_new_with_mnemonic(_("_View certificates"));
499         gtk_box_pack_start(GTK_BOX(vbox2), button, FALSE, FALSE, 0);
500         gtk_container_add(GTK_CONTAINER(button), vbox);
501
502         val = alertpanel_full(_("Changed SSL Certificate"), NULL,
503                               _("_Cancel connection"), _("_Accept and save"), NULL,
504                               FALSE, vbox2, ALERT_WARNING, G_ALERTDEFAULT);
505         
506         return (val == G_ALERTALTERNATE);
507 }
508 #endif